CVE-2022-21252 Vulnerability in the Oracle WebLogic Server product that affects 12.2.1.4.0 and 14.1.1.0 versions.

CVE-2022-21252 Vulnerability in the Oracle WebLogic Server product that affects 12.2.1.4.0 and 14.1.1.0 versions.

Oracle WebLogic Server is prone to a security vulnerability because it does not sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to gain access to the system. This access can be exploited to access, change, and delete data. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the targeted system. An attacker must be able to access the target system to exploit this vulnerability.

Oracle WebLogic Server is prone to a security vulnerability because it does not sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to gain access to the system. This access can be exploited to access, change, and delete data. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the targeted system. An attacker must be able to access the target system to exploit this vulnerability. Web applications are high value targets and are often targeted by attackers. Reducing the exposure of web applications to attacks is important. Redirecting users to a secure login page when they occur in non-secure environments can help protect users and systems from illegitimate access by attackers. Redirecting requests for sensitive information to a secure landing page can help prevent attackers from accessing and modifying critical information

Products Affected by the Vulnerability

The vulnerability affects Oracle WebLogic Server versions 11.2.1.3 and earlier and Java SE Development Kit 5.0 Update 16 and earlier, 5.0 Update 17 and earlier, 6u131, 7u101, 8u78, 11gR1-b13 and RHEL 5 U4 and later.

Requirements/Scopes

Two-Factor Authentication
Oracle WebLogic Server is prone to a security vulnerability because it does not sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to gain access to the system. This access can be exploited to access, change, and delete data. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the targeted system. An attacker must be able to access the target system to exploit this vulnerability.

Vulnerability overview

An unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the targeted system. An attacker must be able to access the target system to exploit this vulnerability. The vulnerability is caused by the lack of proper authentication on the affected server. This vulnerability could allow an attacker to execute arbitrary code on the vulnerable system.
This flaw affects WebLogic Server 12.1 and earlier, which are prone to remote code execution vulnerabilities.

Vulnerabilities affecting Oracle WebLogic Server CVE-2022-21252

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe